Companies rely on cybersecurity to protect their businesses, their customer data and, more broadly, their brands. As cyber threats surge to unprecedented levels, with the global annual cost of cyber-related crimes estimated to reach $9.5 trillion in 2024, robust cybersecurity measures have never been more critical for enterprises of all sizes across every industry.
The escalating frequency and severity of cyber incidents continue to catalyze significant investment in cybersecurity solutions. Furthermore, the rapid and compounding pace of technological advancements and growth in hybrid and remote working environments are necessitating innovative and dynamic approaches to cybersecurity posture management.
At FTV, our focus on cybersecurity dates back decades and continues to be a major investment area given the sector’s quick evolution and the ever-expanding opportunities to partner with leading entrepreneurs. Our experience and deep expertise enable us to take a thoughtful approach as technologies and the overall landscape evolve into new directions.
Partner Richard Liu is one of the FTV’s experts on cybersecurity, having led and worked on a number of our investments in the sector. Here are some of his thoughts on this dynamic market.
#1 | Why are you excited about cybersecurity right now as a sector to invest in?
Ten years ago, cybersecurity was a “nice to have” that primarily concerned only large enterprises; but today it’s a “must have” for businesses of all sizes. The stakes have risen sharply with greater visibility due to the reputational risks of a breach and the growing sophistication of threat actors and attacks, further exacerbated by the advent of AI.
The global cybersecurity market is vast, estimated at close to $200 billion in 2024 and expected to grow roughly 12 to 15 percent annually as companies invest more and more in cybersecurity each year. The attack vectors have changed dramatically. Fifteen years ago everything was on premises. Banks or large enterprises had their own data centers and remote work wasn’t common, so technology was contained in a corporate environment. Now, with remote work and widespread use of third-party and cloud applications, there’s just so much more data at risk of exposure.
At FTV, cybersecurity is one of the largest sectors we cover because it’s truly horizontal. Some of the biggest cybersecurity spenders and adopters are in financial services because their value propositions are rooted in brand and trust. Financial services institutions represent a majority of the firms in FTV’s Global Partner Network(r), and moreover, financial technology is a core investment sector for us. So taken altogether, there’s very strong alignment across our practice areas.
#2 | Given recent increased interest in cybersecurity and the vast array of solutions in the space, how do you evaluate and identify companies to back?
While the market is enormous, with many potential customers, it’s also extremely crowded. You have lots of companies competing for the same budgets, and many of them are skilled marketers, so you have to be very diligent about cutting through the noise. To succeed in cyber, you need to address a real pain point that no one is solving, or that legacy providers aren’t addressing efficiently, and then find the right solution.
Lately, a key issue we’re seeing is that companies have accumulated multiple security tools and applications: one for network security, another for endpoints, cloud security, and so on. But these tools often don’t communicate or integrate well, leaving gaps in visibility. Solutions that stitch together and integrate these signals are crucial. For example, our portfolio company, ReliaQuest, does this with its extended detection and response (XDR) platform that operationalizes security environments – the company has grown over 20x since we invested in 2016.
We often uncover critical enterprise trends like this by talking to the executives in our Global Partner Network. We’re constantly asking these enterprises: “What are you worried about? Where are you allocating budget going forward? What solutions would be most compelling?” In fact, this is how Reliaquest came to us.
We also first heard about ID.me, another FTV portfolio company, through our Global Partner Network. At the time ID.me was an emerging vendor reshaping the digital identity landscape. At FTV, we believed that digital identity was vital for the online economy and for preventing fraud, and through conversations with executives in our Global Partner Network we also knew that digital identity was a major pain point for large enterprises, especially for critical online transactions. ID.me approached the market in a novel manner, and since our investment in 2017 it has grown immensely becoming one of the leaders in digital identity.
#3 | How are FTV portfolio companies responding to the rapid growth of AI and its impact on cybersecurity?
There are really two factors when it comes to AI in cyber. First, and probably obvious, every cyber company is talking about AI. Go to any major security conferences, and it’s everywhere. The companies in our cybersecurity portfolio are constantly thinking about how to embed AI or generative AI to enhance products. This includes using AI for threat detection by analyzing patterns for greater accuracy, as well as using AI for automating the remediation of alerts or attacks. It’s very noisy right now, but we are excited to identify companies that are truly leveraging AI in their offerings.
The second factor is securing AI itself, which has become a much bigger pain point given how enterprises are leveraging AI. Companies need to be vigilant about keeping proprietary data safe, and so we’re seeing a great opportunity for companies focused on data security. There are companies focused on securing AI models from a data perspective.
We’ve seen some of these companies, and while they can be exciting, there’s also the risk of hyperinflated valuations due to the AI hype. It’s important to separate enduring and innovative companies from less durable features.
#4 | How is the industry changing, and do you see the cybersecurity industry or larger cyber companies as ripe for disruption?
The cybersecurity industry is going through “platformization” or consolidation. Over the past five years, especially in 2021, there was a flood of venture funding, and some companies that probably shouldn’t have been funded were able to secure investments. Now, there’s a big push to consolidate vendors because staying on top of too many separate security tools has become unmanageable. We spoke to a security executive who said they had 50 different security technologies in their stack – that’s just overwhelming. So, companies are trying to reduce that number to 10 or 20.
We’re also seeing consolidation not only among larger vendors but through big companies acquiring smaller ones to expand their offerings and meet the demand for streamlined, all-in-one solutions. Despite this trend, we’re still excited about the opportunities in cybersecurity. There’s plenty of room for nimble startups that are solving very real pain points, and many potential exit paths for them. Plus, consolidators often move slower – they innovate, but not as fast as startups can.
#5 | What is most overlooked in cybersecurity?
One area of cyber we like a lot that isn’t covered as widely is analog markets undergoing a shift to a more technology-led approach. These are existing multi-billion-dollar markets with significant pain points that are still being addressed in outdated, manual ways – often requiring a lot of human capital.
A-LIGN is a great example. A-LIGN provides cybersecurity and compliance audits to ensure companies have the right security posture, combining services with automation technology to be much more efficient. Since 2018 when FTV initially invested, A-LIGN has grown 6x.
Another example of this trend is the penetration testing market – where vendors simulate attacks on an organization to identify vulnerabilities. It’s like checking whether the alarm system works. Historically this has been a fairly manual and people-intensive process, but now there’s a new wave of vendors automating parts of this value chain. And there is an ongoing shift to continuous pen testing where enterprises conduct pen tests several times a year instead of just once a year.
We like these markets because, even though others may not be chasing them and they may not be all that sexy, they’re mission critical to businesses. There’s big spending, big pain points and huge investment opportunities.